1.3 Architecture

Identity Audit collects data from multiple Novell identity and security applications. These application servers are configured to generate event records, and each hosts a Platform Agent. Event data is forwarded by the Platform Agent to an Audit Connector that resides on the Identity Audit Server.

The Audit Connector passes events to the Data Collection component, which parses them and puts them on the Communication Bus. The Communication Bus is the backbone of the system and brokers most communication between components. As part of Data Collection, incoming events are evaluated by a set of filtering rules. These rules filter events and send them to output channels such as a file, a syslog relay, or an SMTP relay.

In addition, all events are stored in the Identity Audit database (powered by PostgreSQL*), in partitioned tables.

The Configuration component retrieves, adds, and modifies configuration information such as data collection and storage settings, rule definitions, and report definitions. It also manages user authentication.

The Search component performs fast, indexed searches and retrieves events from the database to present search result sets to the user.

The Reporting component runs reports and formats report results.

Figure 1-2 Architecture for Identity Audit

Users interact with the Identity Audit server and all of its functionality via a Web browser, which connects to an Apache* Tomcat Web server. The Web server makes calls to the various Identity Audit components via the Communication Bus.